Stateful Packet Content Matching Mechanisms

1. A method comprising: performing content inspection across multiple packets to identify a search string having a first portion in an earlier packet and a second portion in a following packet, wherein the content inspection is performed via execution of a plurality of instruction threads; performing the content inspection of a first packet of the common flow with a first instruction thread; and performing the content inspection of a second packet of the common flow with a second instruction thread different than the first instruction thread, wherein the first thread maintains state information pertaining to the content inspection and the second thread employs the state information to continue the content inspection.

2. The method of claim 1 , wherein the content inspection includes concurrently searching for multiple different strings.

3. The method of claim 2 , wherein the content inspection is performed via a computer implementation of a string search algorithm based on the DAWG-(Directed Acyclic Word Graph) match algorithm.

4. The method of claim 2 , wherein the content inspection is performed via a computer implementation of a string search algorithm based on the Wu-Manber algorithm.

5. The method of claim 1 , further comprising: receiving the first packet; classifying the first packet to assign it to a flow; identifying one or more strings to be searched for in packets assigned to the flow; employing a content inspection of the first packet using the first instruction thread; detecting a partial match of one of the one or more search strings that is located toward the end of the first packet; saving string search state information corresponding to the partial match; receiving the second packet; classifying the second packet to assign it to the flow; retrieving the string search state information; employing the string search state information to detect a second portion of the search string, the second portion of the search string beginning toward the start of the second packet.

6. The method of claim 5 , further comprising: identifying a string match condition has occurred; and performing an associated action for the condition to process subsequently-received packets assigned to the flow.

7. The method of claim 1 , further comprising: employing an offset mechanisms for at least one search string, the offset mechanism skipping a first portion of a first packet defined as an offset for an associated search string.

8. The method of claim 1 , further comprising: employing a depth mechanisms for at least one search string, the depth mechanism tracking a depth of a search in a packet and stopping the search upon reaching a depth defined for an associated search string.

9. The method of claim 1 , further comprising: performing a multi-packet search for a case-independent string.

10. The method of claim 1 , wherein the content inspection comprises an operation in a context pipeline of operations that are performed to process packets at a network device, the context pipeline of operations being performed via execution of multiple instruction threads on multiple compute engines.

11. A machine-readable storage medium to provide instructions, which if executed on a multi-threaded network processor perform operations comprising: performing content inspection across multiple packets to identify a search string having a first portion in an earlier packet and a second portion in a following packet, wherein the content inspection is performed via execution of a plurality of instruction threads, wherein the content inspection of a first packet of a common flow is performed by a first instruction thread and content inspection of a second packet of the common flow is performed by a second instruction thread different than the first instruction thread, and wherein the first thread maintains state information pertaining to the content inspection and the second thread employs the state information to continue the content inspection.

12. The machine-readable storage medium of claim 11 , wherein execution of the instructions performs further operations comprising: classifying the first packet that is received to assign it to a flow; identifying one or more strings to be searched for in packets assigned to the flow; employing a content inspection of the first packet using the first instruction thread; detecting a partial match of one of the one or more search strings that is located toward the end of the first packet; saving string search state information corresponding to the partial match; classifying the second packet that is received to assign it to the flow; retrieving the string search state information; and employing the string search state information to detect a second portion of the search string, the second portion of the search string beginning toward the start of the second packet.

13. The machine-readable storage medium of claim 11 , wherein execution of the instructions performs further operations comprising: maintaining a flow table in at least one shared memory resource, the flow table including a plurality of entries associated with a respective flow, each flow table entry including, information identifying a pattern data structure employed for a multi-pattern search associated with the respective flow; and state information to identify a state of a the multi-pattern search; in response to receiving a packet, classifying the packet to a flow; enqueueing the packet into a flow queue allocated to the flow; locating the flow table entry corresponding to the flow; copying the packet into a local memory of a compute engine on the network processor; copying the pattern data structure identified by the flow table entry into the local memory of the compute engine; and performing a multi-pattern string search of the packet on the compute engine using the pattern data structure.

14. The machine-readable storage medium of claim 13 , wherein execution of the instructions performs further operations comprising: classifying the packet to a new flow; and generating a new entry in the flow table corresponding to the new flow.

15. The machine-readable storage medium of claim 11 , wherein the content inspection is performed via a computer implementation of a string search algorithm based on the DAWG-(Directed Acyclic Word Graph) match algorithm.

16. The machine-readable storage medium of claim 11 , wherein the content inspection is performed via a computer implementation of a string search algorithm based on the Wu-Manber algorithm.

17. A network line card, comprising: a network processor unit (NPU) having a plurality of multi-threaded compute engines; a dynamic random access memory (DRAM) store, communicatively-coupled to the NPU; an static random access memory (SRAM) store, communicatively-coupled to the NPU; and an storage device, communicatively-coupled to the NPU, having instructions stored therein to be executed on the NPU to perform operations comprising: classifying received packets to associated flows; and performing content inspection across multiple packets for a given flow using a first instruction thread to inspect a first packet of the given flow and a second instruction thread to inspect a second packet of the given flow to identify a search string in a data stream transported via the multiple packets having respective portions in a sequential pair of packets, wherein the first thread maintains state information pertaining to the content inspection and the second thread employs the state information to continue the content inspection.

18. The network line card of claim 17 , wherein the NPU comprises an Intel IPX-based NPU.

19. The network line card of claim 17 , wherein the content inspection is performed via a computer implementation of a string search algorithm based on the DAWG-(Directed Acyclic Word Graph) match algorithm.

20. The network line card of claim 17 , wherein the content inspection is performed via a computer implementation of a string search algorithm based on the Wu-Manber algorithm.